Total XP Security is a fake security program, also known as a rogue antispyware application. The software is a new clone of XP Internet Security 2010, which is a rogue too. Nothing new here: Total XP Security is promoted and installed through the use of a trojan. When the trojan is started, it does not show itself for some time, which hides the web site from which it entered the computer. A few minutes later, the trojan secretly downloads and installs the rogue onto your computer without your permission or knowledge.
During installation, Total XP Security configures itself to run automatically every time you run any program that has the “exe” extension (99% of Windows applications). The rogue also uses this launch method to block any program from running, including your antivirus and antispyware applications.
When Total XP Security is started, it imitates a system scan and reports a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. It is important to know that none of these infections actually exist on your computer, so you can safely ignore them.
While Total XP Security is running, you will be shown nag screens and fake security warnings from the Windows taskbar. The fake security program will also hijack Internet Explorer and Firefox and display fake warnings when you open a web site.
Obviously, Total XP Security is a program whose presence on the computer is not desirable. It was created with one purpose: to use deception and threats to force you to open your wallet and pull out the money. If your computer is infected with this malware, then most importantly, do not purchase it! Remove the rogue from your computer as soon as possible. Please follow the removal guide below to remove Total XP Security and any other associated malware from your computer for free.
More screenshots of Total XP Security
Use the following instructions to remove Total XP Security (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right-click fix.inf and select Install. Reboot your computer.
Step 2. Remove Total XP Security associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings, and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Total XP Security infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Total XP Security. MalwareBytes Anti-malware will now remove all of the associated Total XP Security files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Total XP Security creates the following files and folders
%AppData%\ave.exe
Total XP Security creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"
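Added example (not part of the original guide): a small Python check that reads a registry export and reports whether the .exe association has been redirected the way the values above show, or is back to the state that fix.reg and fix.inf restore. The sample export is constructed from the values listed above; the function names, and the rule that any command other than "%1" %* under the open, runas or start verbs is reported, are assumptions of this example.

```python
import re

SAFE_COMMAND = '"%1" %*'  # open command that fix.reg / fix.inf restore for exefile
HIVES = (r'hkey_current_user\software\classes', 'hkey_classes_root')

# Constructed sample: .reg export of an infected profile, built from the values listed above.
INFECTED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

def parse_reg(text):
    """Map each exported key (lower-cased) to its unescaped string values."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name = m.group(1).strip('"')
                current[name] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def audit_exe_association(text):
    """Return findings where .exe no longer resolves to exefile with the stock command."""
    keys, findings = parse_reg(text), []
    for hive in HIVES:
        progid = keys.get(hive + r'\.exe', {}).get('@')
        if progid is None:
            continue  # this hive has no .exe entry in the export
        if progid.lower() != 'exefile':
            findings.append(f'{hive}\\.exe -> ProgID "{progid}" (expected exefile)')
        for owner in ('.exe', progid.lower()):
            for verb in ('open', 'runas', 'start'):
                path = f'{hive}\\{owner}\\shell\\{verb}\\command'
                cmd = keys.get(path, {}).get('@')
                if cmd is not None and cmd != SAFE_COMMAND:
                    findings.append(f'{path} runs {cmd}')
    return findings

if __name__ == '__main__':
    for finding in audit_exe_association(INFECTED_EXPORT):
        print('HIJACK:', finding)
```

An empty result after Step 1 and a reboot means the per-user override is gone and .exe files are handled by exefile again.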
The current version of “XP Total Security” blocks the opening of programs out of its control, even in Safe Mode. But it doesn’t restrict saving data. And you can run online AV scans, but only of pages out of its reach, hence those are useless. It is really a killer-program that is better dealt with by re-loading the OS. Current malware is placed in “user” files in “documents and settings.” I found it in 30 minutes, re-named then deleted it, thereby blocking all pop-ups. But that leaves the Registry blocks in place, and those aren’t easy to find. Tools/internet options/advanced has to be used to open “hidden files” in order to reach the .exe.
Lesson: always have a 2nd user setup on your computer. Even with the pop-ups in place, I was able to use both Explorer and Firefox on the 2nd profile, although most system programs were blocked by phony “administrator” restrictions. You will have access to Shared Folders, even with a trojan. If you have only 1 profile, set up another, with Browser icons in place. Also, set a fixed update time each day – I use 3PM – and be really careful with firewall breach requests that come after same. Malware often includes references to “java,” “microsoft,” etc, to confuse. Watch what you “allow.”
Thanks man.
IT wanted to format a co-workers laptop.
I searched and found your site.
Method 1 worked great.
btw: you can run fix.reg from the command prompt.. then reboot after saying yes to “are you really sure you want to do that” popups…
-og
fixed this
here’s the secret…. first, run sas_fixexefile.com
find it at… superantispyware.com/downloads/SAS_FixEXEfile.com
then, run combofix
done!
saw this today — fixed it, see my post here…
technibble.com/forums/showthread.php?t=26309
I got the XP Total security virus on Mon. I have tried the fixes above. I think I have gotten rid of the viruses but I still can’t get connected to the internet. Before it asked how I wanted to open the site. I used the Helper.exe and now it just says IE cannot display the website. Also the icons reappeared but I had to use it again after I turned my puter off and restarted. I am borrowing a computer to get to this website.
Method 2 worked for me!! Took two hours and my roommate’s computer to follow this guide and now this nasty ass Trojan horse is gone. I could go biblical on the scumbags who created this shit storm and I feel sorry for the people who paid them. THANKS A MILLION for these instructions/website. Kind regards,
worked method 1 thanks
Here’s what worked for me:
1. click the XP Total Security 2011 icon, continue to manual registration code entry. Type 1147-175591-6550 (I don’t know how long this code will work – check for updates on-line if it’s inactive)
*This tricks the malware into thinking you purchased it, and allows Internet access.*
2. Open a desktop folder, click Tools, View, “Hide Extensions for Known File Types” should NOT be checked
*This allows you to change file extensions.*
3. Restart computer – Hit F8 key during start up – select Safe Mode with Networking
4. For FREE Malwarebytes Anti-Malware, go to malwarebytes.org/
Save (do NOT run) download. Change the file extension to “.com” (I saved using the filename “firefox.com”)
*This tricks the malware into allowing it to run. If it has .exe, it will be blocked.*
5. Proceed with Malware Bytes Scan.
When I rebooted after removing the infected files with Malware Bytes, the Windows Security Alert icon was red, but would not allow Automatic Updates
To fix – click Start, Run, type regsvr32 wuaueng.dll
Should be gone!
Wow…! I was mad at my husband for the whole day because he was the one using our laptop before getting the “xp-anti spyware”.
…I tried many sites but it didn’t work until I found this site….
THANK you very very much!
Solima
I ran method 1 and the Malwarebytes Anti Malware. The computer works now, but I cannot open certain programs such as work or dropbox because Windows needs to know what program created it. How do I fix this?
Hey Patrick, thanks for the help
Method 1 seemed to have worked, although my Automatic Updates won’t turn on… I have the red icon in the task bar that tells me of windows security alerts and my firewall is on, but my comp won’t allow me to turn on automatic updates. This has happened after the Malwarebytes scan with Method 2 used as well
please help
I am not IT savvy but step 1 worked. Thank you.
I used method 1 which seems to have worked, however now I have issues with my icons. My firefox icon won’t work right. When I click it, it pulls up the “open with” window, and of course I open with firefox… I can deal with that but it’s annoying. Also, I can’t seem to access my real security center. I’m not even sure it’s there anymore.
The virus is gone though it seems. The only thing it has left behind is the fake security warning icon in my dashboard, but it’s useless.
I just love you!!! 🙂 Thanks a lot for literally saving my (computer’s) life! Would you marry me?? 😛
thank you so much, life saver. method one is working very well.
I used method one, works well. I will post this up on our company’s support desk wiki.
Kind Regards,
James.
IT Support Team Supervisor
Thanks a ton!!! Followed method 1 and it worked. The Malware didn’t install initially but followed the ‘instructions’ and then succeeded in installing it. It all worked well later on!!! Thank u so much for this help!
I, too, am not a frequent commenter, but I wanted to say “thank you.” Method 1 worked like a charm for me!
thank you so much!
i used method 1 and malwarebyte together right after my pc got infected with xp security without rebooting my computer. After malwarebyte finished scanning and removed the virus, my pc is fine again! thank you so so much!